Posted by timothy on Sunday October 26, 2003 @07:12PM from the on-the-innernet dept.

scrm writes "Plaxo is an interesting new service from Sean Parker, co-founder of Napster. It's a P2P-based add-on to Outlook that confronts the old problem of keeping contact lists up-to-date. Mozilla mail support is on the cards, and yes, the company does 'take privacy very seriously'. Check the press here(1), here(2) and here(3). You can also access your contact list over the web."

another idea foiled... this is really a great idea should security concerns be dealt with well. an additional way to generate revenue is to cross this with project management tools and project weblogs.

Would you let your desktop PC request data from a web service or web site? Do you post requested information to web forms?

If the P2P element of this is written correctly, then all you're doing is sending out a request for data and having validated data returned, just like a web service. You only receive data you request, and you only return data that you've approved the request for. Period.

While I can see that you're worried about Outlook itself, most holes in it are the result of scripting vulnerabilities

> Outlook runs my business..., and I have a zero trust factor for Napster...

You run one of the most unstable and insecure pieces of software available, trusting that it won't infect your entire network with the "Outlook Worm of the Week" (tm), yet you won't trust a piece of software just to do address book searches? Wow, that's pretty stupid.

Yeah, finally a company built on Outlook's insecurity. Check out this article in PC Magazine [pcmag.com]:

"Plaxo contains a hack that mines your Outlook profile password so that it can retrieve your contacts unhindered. Although Plaxo claims that it does nothing with your password once it retrieves your contacts, I don't like this, because it makes child's play out of accessing passwords;"

So not only are they mining your personal data for later resale to the highest bidder, they're compromising your machine while they're at it!

No - the article you refer to was corrected the day after it was posted. I quote from here [pcmag.com]:

"I was wrong about Plaxo's supposed ability to break your Outlook password. Company officials confirm that it doesn't do that. I was misinformed, and I apologize for passing along erroneous information."

Napster's creators finally up to some good. I think this is a first! Good ideas -- Good for them and the everyone else. Everyone can use benefits of P2P and not even know it. Really, I'm looking forward to this!

Outlook allows you to customise information stored against contacts. There is a binary field in there that you can happily use for storing images, text files and yup... MP3's.

Given that, there's no reason why you could write a simple application creating a directory of contact names for all your MP3's and attaching the relevant files. You could even add tag info using custom fields too.

Now whether this P2P system allows you to transfer custom fields remains to be seen - I'd wager a big no on that one. But

Because being able to follow networks of business relations and friendships is something that would be very valuable to many organizations. Perhaps more valuable than a happy user of their software, if you catch my drift.

If you think about it, Plaxo is the perfect "built to be acquired" company.
Read their "privacy policy" here: [plaxo.com]

"In the event Plaxo goes through a business transition, such as a merger, acquisition or the sale of a portion of its assets, Your Information and your membership in the Plaxo Contact Networks(TM) will, in most instances, be part of the assets transferred. You will be notified of an ownership change pursuant to Notification of Changes section of the privacy statement."

See that? They consider your information to be an asset. So, I wonder how long they're going to farm data before selling themselves to doubleclick? Imagine how valuable that data will be. Your surfing habits, matched with your personal information, matched with the personal information and surfing habits of all your 1st-degree friends, and all your friends' friends...

Imagine how valuable that data will be. Your surfing habits, matched with your personal information, matched with the personal information and surfing habits of all your 1st-degree friends, and all your friends' friends...

Couple that with a user-installed back-door straight into your email program and all the data held within:

You really want this email right now, and it should pop-up over everything else and should not be filtered out under any circumstances!

to make a P2P app for trading music files but with the added protection that the App was made for legal uses and the few illegal uses that the users have found a way to use it for were not intended, hence the company is not liable.

Actually, it's not - it only shares contact details. I used the free version for a while and it's quite effective at keeping your address book up-to-date. I don't know how it got the label "new" though since it's been around for a while now.

Only problem is that on Outlooks that are connected to MS Exchange servers like mine, it slows it down to a crawl. I've no idea what it's doing with so much bandwidth - I think it checks my entire address book against the 300 addresses I have in Plaxo every time I o

seems like they forgot to add the extension to some of the screenshots. for example, the very nice bliss wallpaper is actually a jpg, but mozilla doesn't understand that. save it to your harddisk instead.

The file name extension isn't relevant, the Content-Type HTTP header is. (Or, in case of Internet Explorer, the file contents, which is Wrong and Condemnable!) My browser can read dynamic web pages just fine even when it sees odd file extensions like .pl or .php or .cgi or .aspx, or, as I prefer my own mod_perl apps, no file name extension at all.

If they really take privacy seriously, why do they act as "man-in-the-middle" of all transactions between their users? Who knows how many valid e-mail addresses they have collected.
Their system has nothing to do with p2p-systems, it is in fact no more p2p-like than e-mail.

Worst of all, Plaxo users upload their contact lists containing personal information about others. That is without their acknowledgement.

Isn't this basically the same as adding a phonebook database to your PIM? Only with this you don't have the right to tell the phone company you don't want to be listed because it's listed in someone's PIM.
I'm skeptical.

Seems like an interesting use of technology, but it isn't new. (Exchange has had this, of course, for intra-Exchange users, for ages. America Online recently started testing a similar service for their members.)

It is unique in that it has the possibility of accommodating users across mail services, platforms, and other traditional barriers.

However, being the paranoid schizo that I am, I can't imagine I would ever subscribe to or accommodate such a service. Not to be a conspiracy theorist, but such a centralized system has an incredible ability to be abused by sources internal and external.

Given that your most powerful asset for finding a better job is your contact network, here's why you would want to use this:

Say you meet someone you think can help your career and you exchange business cards (say, oh, I don't know, the CEO of Media Lab Europe). When you get back to the office, maybe you enter his data into your PIM, maybe you don't. In either case the contact loop ends there (more or less).

Now let's say you have Plaxo. Now you have a mechanism that not only keeps you up to date on his cont

Sounds horrible. I can already drag contacts out of my address book and into iChat, and drag a contact out of iChat into my address book. Furthermore I can mail vCards to and from whomever I wish. Lastly, I can sync addressbooks via SyncML with whomever, and for large organizations, there are directory services. So it seems this Plaxo widget adds basically nothing to my existing abilities.

Cardscan's Accucard [corex.com] already does this - and has for quite some time. When you scan a card, you get the option to add it to Accucard, and the owner of the card (provided they have an email address) gets an email asking if the info is correct and if they'd like to keep their info up to date in the future. Any future copies of their card that get scanned automatically get the new info, I believe.

This is important, because Corex (makers of Cardscan) already have one big thing the P2P companies don't - they have their foot in the door already with their Cardscan units, which are owned by people who need this service the most - sales people and the like. It's like trying to sell gas to car owners, the two just go together. While some sales people may have P2P software on their systems, it's unlikely given the crackdown on p2p apps by many companies... and they're not about to put client information into some two-bit p2p program.

Just like how Napster wasn't P2P, neither is this - it's Person <-> Central-Server <-> Person.

P2P usually implies a bit more distributed networking. Either completely distributed (and unworkable) like the original Gnutella, or mostly distributed with SuperNodes like Kazaa, eDonkey, and the new Gnutella. Napster was always a client->server metainfo server.

From the many identical emails I've been getting, Plaxo seems to be a program that goes through your contact list and then spams everyone you know with what appear to be personal messages from you but are really just ads asking you to download and run the program (and enter your personal information for the company to harvest).

If some kid had written this in his spare time, it would be called a virus. Because Plaxo is a company, it's called an innovative application. There are several other startups all doing the same thing (search on Google), and when they go bankrupt their privacy policies will mean nothing.

Filter them out to your detriment. The only issue I have with Plaxo at the moment is that it does not support enough platforms.

I feel the complaints about privacy that are cited above reflect a lack of time and attention spent reading how Plaxo works. I am not affiliated with them, but I was developing a similar tool when I saw that they were far ahead and had ALL the right ideas either in-place or on their futures list.

My embrace of Plaxo is provisional at the moment. Plaxo is not fully "there yet", but I

That's sort of what I was hoping this would be. Using FOAF, you control your own information, which is a node on a directed graph. Your FOAF file points to other FOAF files, forming a web. The only problem is that these FOAF files are just as spiderable as anything else on the WWW, so people don't generally put their email addresses in them. If you could come up with some sort of access control scheme, you'd be part-way to getting FOAF web to be a sort of distributed address book. You'd (well, not you

Uhm yes, that should be safe,,, yep! No chance of virus or worms here. I guess it will be installed by the same people who wonder if dropping a lighter into your car's gas tank could cause any problems.

I'm wondering if Sean's ideas will help fight spam. If you used a reverse key that only the sender has that it could verify itself across the network as from them instantly.

Of course this also could lock in email where if you don't use the product then you can't send to any of your friends or new people because they're trashing everything else. It would be better if this was an Open Source project where it would be more of a guarantee that it's available to all operating systems.

P2P in calendaring very often means that the central server is not active, ie. does not do schedule conflict resolution, etc.

For instance Exchange, until a few versions ago, was considered P2P, because all it did was store the Outlook calendar info. I have never managed Exchange but I believe people who have for a while may remember a time when you used to be able to use calendar on Outlook without Exchange. This has changed recently (I've been investigating calendar apps and that was what I was told).

At any rate; If you create an application that uses IMAP to store the calendar info in a special calendar folder, and you have the clients themselves check and resolve conflicts, then your calendar app is P2P.

I'm guessing they're applying the same definition to addressing as well.

At any rate; If you create an application that uses IMAP to store the calendar info in a special calendar folder, and you have the clients themselves check and resolve conflicts, then your calendar app is P2P.

If you ever find such a thing, please let us know! IMAP calendars would be a magical thing!

Yeah, but you're forgetting if that person has 500 contacts, which would you rather he did: Write One automated message and have the program do everything for him, or have him write 500 "quick notes"? It's all about taking the hard work away from him and saving him time.
Not to sound like a salesman or anything, I don't have Plaxo and don't know much about it, just pointing out some obvious logic.

I don't care how much time this saves how many people, it's a fundamentally bad idea that will only add to the overall dehumanization of the internet.

In the last few years, email has quite reasonably overtaken traditional mail as the dominant form of written communication. The consequences have been numerous, but tolerable up until this point. Programs of this nature are one thing in the business world, but when companies start to market this "s

There's been some talk of adding a feature like this to FastMail [fastmail.fm] (i.e. accessing one's FastMail address book via LDAP).

The problem is that most mail clients have a pretty crummy LDAP implementation: they don't support user logins (so you could only offer one global directory - bad idea), LDAP+SSL or writing changes to the directory.

I already hate this software. I'm a network admin, and 3 users have installed Plaxo, two of them after I advised them not to.

One person in another part of the company installed it, and it emailed everyone in his contact list without asking, apparently. Two people under me showed me the email and asked about it; I did some research and decided that it sounded not only like a virus, but definitely against company policy as departmental contact info is sent outside the company.

Here is a rather critical article about Plaxo, followed by an update after speaking with the Plaxo people:

I don't see how P2P technology would help in this case. It neither requires heavy traffic (BitTorrent), nor discreet file transfers of dubious legality (WinMX). Here's my cross-platform, easy-to-maintain-and-use solution for using my contacts:

Why not? You could easily turn this idea in a different direction and have an easy way to share blacklists with lots of people. But then there's the matter of figuring out what is a spam address and what is the address of someone being spited and having all their contact to the outer world blocked...

If you're a Mozilla user, try Edit->Fill In Form -> View Stored Form Data. How much info about you has Mozilla accumulated? You didn't tell it that stuff; it captured it as you filled in XML-enabled forms.

Has it found your driver's license number yet? Your social security number? Your credit card numbers? Your birthdate? Your mother's maiden name?
Click on "Personal" and see what it knows about you. Mozilla silently collects that info.

My employer scanned every computer and had the IT people remove it. Then they blocked Plaxo at the firewall and gave Plaxo a list of every known employee who had an account with them and requested that the accounts be terminated immediately.

I've had Plaxo running for a while, and it didn't always update my records correctly, and I had problems in syncing my Outlook with my phone afterwards. But those are just technical limitations, probably also due to my lack of knowledge in working with Plaxo (though I did see I wasn't the only one, many of my friends/colleagues forgot to enter either a '+' or '00' sign in front of their phone number -> the phonebook in my phone (which I sync automatically via bluetooth) got messed up).

Plaxo contains a hack that mines your Outlook profile password so that it can retrieve your contacts unhindered.

So? I can access the contacts in Pine by just reading a plain text file. No hack required.

Having said all that, I like the idea of having my contacts kept updated. I thought about writing something that did a mass email to my contacts with their details asking them to correct anything that is wrong.

An electronic solution would be substantially more elegant but I'm wary of using Plaxo. Any su

I like the idea of an active address book like this. But PlanetAll, the first Web site I know of that tried it, folded years ago, and now OneName just filed for bankruptcy. What makes these guys think they can make the idea stick this time around?

What really needs to be transmitted in a sexual intercourse simulation? The current number of millimeters of penetration at any given instant, sampled a couple dozen times a second? That wouldn't take too much bandwidth, but I can see where latency issues would come into play.

There's a lot more to sex than just the mechanical in-and-out (even for guys). VRsex w/ toys will never be as good as the real thing until we've got true BCI (brain computer interface) tech.

Still, I have no idea how much bandwidth haptic data would consume. Like, how much data is sent to your brain each millisecond by your nerves when someone blows... hot air across the thousands of tiny hairs on your neck? (I feel an offtopic mod is due).